KubeFM
Discover all the great things happening in the world of Kubernetes, learn (controversial) opinions from the experts and explore the successes (and failures) of running Kubernetes at scale.
Episodes
Jan 16, 2024 • 50min
Foolproof Kubernetes with GKE, with Mathew Duggan
What if Kubernetes were so easy to install and manage that it was foolproof?

In this KubeFM, Mat argues that GKE is the only Kubernetes managed service that offers a beginner-friendly and thought-through experience in running a Kubernetes cluster.

Follow Mat's journey to AKS, GKE and EKS and learn:
- How GKE Autopilot can help you optimize costs and reduce underutilized node resources.
- How the GKE Container-Optimized OS prevents and eliminates an entire set of security misconfigurations in node management.
- How GCP's application of machine learning on the IAM permissions can help you gradually refine security permissions as applications are deployed.

But Mat didn't stop there and had more food for thought:
- Are we over-logging and over-monitoring in Kubernetes?
- CNI and Ingress have evolved since their inception. What happens now that we are stuck with those choices?
- Is there a simpler alternative to Kubernetes that is multi-cloud and cloud agnostic, and what could it look like?

More info
Find all the links and info for this episode here: https://ku.bz/G6tPB0114
Dec 12, 2023 • 1h 7min
Network Policies are the wrong abstraction, with Ori Shoshan
Network Policy usage is inverted.

It's easier to list the services that you want to connect to, but Network Policy forces you to list all clients that can connect to your pod.

How would you even know that another team plans to connect to your apps?

But if Network Policy is not the right tool, then what should you use?

In this KubeFM podcast, you will explore:
- How Network Policies are not as bad as you might think, but they are low-level APIs that are not always practical to use directly.
- Intent-based Access Control (IBAC) as a higher-level abstraction to describe your network segmentation requirements.
- How you can use IBAC to generate Network Policies, Istio Authorization Policies, AWS IAM & Roles, and more.

More info
Find all the links and info for this episode here: https://ku.bz/Xhd2xKDH7
Dec 5, 2023 • 27min
Why Helm's design is flawed, with Jacco Taal
Jacco Taal draws a parallel between Helm and PHP, highlighting their success despite focusing on templating strings. He discusses Helm's flaws, alternative tools, managing third-party packages, and duplicated charts. The podcast also covers community reaction, expressing opinions, and scuba diving in Zealand.
Nov 28, 2023 • 29min
Kubernetes base64 secrets are fine, with Mac Chaffee
By default, Kubernetes Secrets are not encrypted; values are merely base64 encoded.

And this is fine. At least, this is what Mac argues in this episode of KubeFM.

Mac says it all comes down to thinking strategically about security and where the Secrets could be leaked.

In this episode, you will learn:
- How to define a threat model to inform your security posture and mitigations.
- How Kubernetes Secrets offer sufficient guarantees for most common threat models.
- Whether you should use HashiCorp Vault or Kubernetes Secrets (and when not to use auto-unsealing).

Mac also covers tips and advice on becoming a security expert.

More info
Find all the links and info for this episode here: https://ku.bz/rFlp8Yj9s